[wplug] I need to "wiretap" an HTTPS connection - how?
Pat Barron
pat at lectroid.com
Fri Oct 31 17:57:05 EDT 2014
The other interesting wrinkle here (I know I'm getting away from Linux,
per se - but it's just kind of interesting....).
When the app makes this SOAP request, it gets as far as completing the
SSL handshake (based on what I see in the app server logs with a whole
bunch of SSL tracing turned on), and then the server side drops the
connection and I get "Connection reset". When I manually make
(apparently) the same request via SOAP UI (a troubleshooting /
development tool for SOAP apps), it works just fine. No idea why it's
failing from the app - this is driving me batty.... ;-)
--Pat.
On 10/31/2014 5:50 PM, Pat Barron wrote:
> I can't use anything that runs within a browser (such as Firebug),
> since this is an app running on a Java app server that's using a SOAP
> API to get data from elsewhere. But, from first glance, it looks like
> ZAP might help me out here, maybe even Fiddler (if I can set it up on
> a Windows box). Fiddler, I already knew about, but I was not aware of
> ZAP - thanks for this pointer!!
>
> --Pat.
>
> On 10/31/2014 2:35 PM, Jake S wrote:
>> For something like Firefox I'd try Firebug (see net tab). Also if
>> you have access to a Windows box Fiddler is a nice proxy. It *can*
>> mitm your ssl requests with its own root cert. I think something
>> like Burp Suite or ZAP would be easy enough to use. It's been a while
>> since I've used either of those.
>> http://getfirebug.com/
>> http://www.telerik.com/fiddler
>> http://portswigger.net/burp/
>> http://code.google.com/p/zaproxy/
>> -Jake
>>> Date: Fri, 31 Oct 2014 14:26:42 -0400
>>> From: pat at lectroid.com
>>> To: wplug at wplug.org
>>> Subject: Re: [wplug] I need to "wiretap" an HTTPS connection - how?
>>>
>>> No, we don't - the server is operated by a different team than the one
>>> I'm working with. Aside from making SOAP API calls, we have no access
>>> to the server itself. (The server is actually operated by the
>>> organization I'm working with, but by a different team - worse comes to
>>> worse, we may need to figure out how to get someone on the team that
>>> operates the server to dig through server logs for us - but it's a
>>> large organization, and the person I'm working with doesn't know or
>>> work with any of those folks....)
>>>
>>> --Pat.
>>>
>>> On 10/31/2014 1:59 PM, Chris Thomas wrote:
>>>> Do you have access to the server's SSL private keys? If so, you can
>>>> install them into Wireshark and decrypt the encrypted traffic.
>>>>
>>>> -Chris
>>>>
>>>> On Fri, Oct 31, 2014 at 12:39 PM, Pat Barron <pat at lectroid.com> wrote:
>>>>
>>>>> So, long story short...
>>>>>
>>>>> I have an application making an HTTPS connection to a URL (for the
>>>>> purpose of POSTing a SOAP request, though that's probably not
>>>>> relevant per se...). Before successfully completing the HTTPS
>>>>> request, the remote side is dropping the connection on me. I have
>>>>> no idea why. I'd like to be able to see what is actually being
>>>>> sent/received on the connection - though that is tough, since it
>>>>> is encrypted...
>>>>>
>>>>> I have the ability to change the host and URL that is being used,
>>>>> and to make the application use HTTP instead of HTTPS. What I have
>>>>> in mind, is to try to put some kind of proxy between the app and
>>>>> the remote server, so that the app connects to the proxy using
>>>>> HTTP, and have the proxy connect on its behalf to the remote
>>>>> server using HTTPS. Then I can sniff the traffic on the
>>>>> unencrypted HTTP connection and get a better idea what is going on.
>>>>>
>>>>> Can anyone suggest a simple proxy I could use for this?
>>>>>
>>>>> --Pat.
>>>>>
>>>>> _______________________________________________
>>>>> wplug mailing list
>>>>> wplug at wplug.org
>>>>> http://www.wplug.org/mailman/listinfo/wplug
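The HTTP-in, HTTPS-out proxy described in the original question, as an added example that is not part of the thread or any poster's code. Assumptions: the upstream hostname `soap.example.internal` and the listen address are placeholders, the names `Tap`, `dump` and `upstream_headers` are hypothetical, and the app sends a `Content-Length` header on its POST.

```python
import http.client, http.server, ssl, sys

UPSTREAM = "soap.example.internal"   # placeholder: the real SOAP server's hostname
LISTEN = ("127.0.0.1", 8080)         # loopback only; point the app at http://127.0.0.1:8080
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te", "trailer",
              "transfer-encoding", "upgrade", "host"}

def upstream_headers(headers, host):
    """Copy the app's headers, drop hop-by-hop ones, and point Host at the real server."""
    out = {k: v for k, v in headers if k.lower() not in HOP_BY_HOP}
    out["Host"] = host
    return out

def dump(tag, start_line, headers, body, log=sys.stderr):
    log.write(f"===== {tag} =====\n{start_line}\n")
    for k, v in headers:
        log.write(f"{k}: {v}\n")
    log.write("\n" + body.decode("utf-8", "replace") + "\n")

class Tap(http.server.BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        dump("app -> proxy", self.requestline, self.headers.items(), body)
        # create_default_context() keeps certificate and hostname verification on.
        conn = http.client.HTTPSConnection(UPSTREAM, 443, timeout=30,
                                           context=ssl.create_default_context())
        try:
            conn.request("POST", self.path, body,
                         upstream_headers(self.headers.items(), UPSTREAM))
            resp = conn.getresponse()
            data = resp.read()
        except (OSError, http.client.HTTPException) as exc:
            # A reset or TLS failure on the upstream leg is logged here.
            sys.stderr.write(f"===== upstream failed: {exc!r} =====\n")
            self.send_error(502, "upstream failure", repr(exc))
            return
        finally:
            conn.close()
        dump("server -> proxy", f"{resp.status} {resp.reason}", resp.getheaders(), data)
        self.send_response(resp.status)
        for k, v in resp.getheaders():
            if k.lower() not in HOP_BY_HOP and k.lower() != "content-length":
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    http.server.HTTPServer(LISTEN, Tap).serve_forever()
```

The upstream TLS handshake here is made by Python, not by the Java app server, so the log shows exactly what the app sends at the HTTP layer but not the app's own TLS parameters.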